[wellylug] Re: Microsoft FUD at work (Linux fud too?)

Stephen Judd sljudd at paradise.net.nz
Mon Jan 13 20:36:19 NZDT 2003 

On Mon, 2003-01-13 at 13:36, Wellington Assassin wrote:
> Afternoon List,
> 
> I think a few realities have to be seeked out here...
> 
> 1) Open source is not more secure than microsoft. Take away the worms
> that caused major havoc because certain MCSE +I's failing to run a
> simple patch (flipside, apache / openssl worms anyone?), more linux /
> UNIX boxes are hacked / cracked / DOS'd each day than any other OS.

Really? Could you support that?

> Open source does have a down side. Bugs are found, exploited and NOT
> disclosed as much as people would like to think. A couple of prime
> examples of this are the SSHD and Apache bugs discovered during 2002.

Um, as I understand it, the "chunking" bug was not widely exploited at
all, dependant as it was on particular Apache builds on particular
hardware. And of course, it was disclosed, _before_ exploits were seen
in the wild.

> However, linux and open source allows more flexability within your
> business. You are not bound to 'dirty' license agreements, but more
> flexable agreements for your business. You have the ability to
> customise software to fit your companies needs. And naturally, there
> are steps one can take as with any platform for improved security.  
> 
> 2) If its "0day" and public, chances are it's been known to private
> individuals for at least a year. 

That goes for any platform, surely?

> 3) Most banking servers (talking web / exposed servers not AIX boxes
> in the background) still run on NT4 / NT2000. Why? Patched microsoft,
> and properly maintained microsoft is solid and secure. 

The three banks that I have worked for (NAB, BNZ, Egg) use Solaris for
their public facing servers (and two of them were using Apache).

But yes, that was interesting looking with Netcraft. Especially seeing
that the best uptimes are for the Unix banks ;-)

According to netcraft:

The site www.kiwibank.co.nz is running Microsoft-IIS/5.0 on Windows
2000.
The site www.psis.co.nz is running Microsoft-IIS/5.0 on Windows 2000.
The site www.ampbanking.co.nz is running Lotus-Domino/Release-4.6.5a on
NT4/Windows 98.
The site www.westpactrust.co.nz is running Lotus-Domino/5.0.5 on Solaris
8.
The site www.bankdirect.co.nz is running Microsoft-IIS/4.0 on
NT4/Windows 98.
The site www.asb.co.nz is running Microsoft-IIS/4.0 on NT4/Windows 98.
The site www.nationalbank.co.nz is running Microsoft-IIS/4.0 on
NT4/Windows 98.The site www.nationalbank.co.nz is running
Microsoft-IIS/4.0 on NT4/Windows 98.
The site www.anz.co.nz is running Microsoft-IIS/4.0 on NT4/Windows 98.
The site www.tsb.co.nz is running Apache/1.3.26 (Unix) mod_ssl/2.8.10
OpenSSL/0.9.6g on Linux.

BNZ I happen to know runs Apache on Solaris.

<snip>

> 5) Support. We need to point out to people asking the question of
> linux in business different support options. This is a companies
> infrastructure they are playing with, not a home desktop machine. 

Goes for any platorm too.

> If you read this and think "My Lord! He's a windows advicate" please
> reread and rethink the above content, however, a certain reality that
> many Linux users / groups / companies around the world are looking
> past, is that not all businesses are in a postition to take the plunge
> into open source. Not to mentain, Linux itself is only just touching
> on being a solid, reliable business tool. 

Oh bollocks. I have worked at organisations where Linux was a key part
of the infrastructure since 1998, anyway. That's five years.

> My $1.25 worth.

Inflation, eh?

Stephen
-- 
Stephen Judd <sljudd at paradise.net.nz>


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Turn flat surfaces into speakers with the Soundbug.
http://us.click.yahoo.com/QWAVSC/onCFAA/xGHJAA/0XFolB/TM
---------------------------------------------------------------------~->

  .-.   Wellington
  /V\   Linux
 // \\  Users       
/(   )\ Group
 ^^-^^
        http://wlug.paradise.net.nz/

To unsubscribe from this group, send an email to:
wellylug-unsubscribe at egroups.com
  

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

More information about the wellylug mailing list